Thursday, 21 September, 2017

Old Windows PCs can stop WannaCry ransomware with new Microsoft patch

So Far, That Enormous Ransomware Attack Has Only Netted About $55000 for the Hackers Microsoft Slams NSA Over Ransomware Nightmare
Melissa Porter | 17 May, 2017, 12:43

While it looked to Grossman like Smith, of Microsoft, "came out swinging" at the National Security Agency, he said we shouldn't expect to hear anything concrete from the highly secretive group.

A screenshot of the warning screen from the ransomware attack, as captured by a computer user.

This makes it the third most popular OS, behind only Windows 7 (48.5%) and Windows 10 (26.28%).

Despite the high profile of WannaCry, widespread malware outbreaks have become less common over the years, as Microsoft has improved the security of its systems, said Ziv Mador, vice president for security research at Trustwave, a security services firm. And that's for a simple reason: Individuals and organizations alike are fundamentally bad about keeping their computers up-to-date with security fixes. Organizations had two months to update their Microsoft products, which would have protected their systems. If you are running a Windows machine and you haven't updated it yet, you should do so immediately.

The Japan Computer Emergency Response Team Co-ordination Centre, a non-profit organisation providing support for computer attacks, said 2,000 computers at 600 locations in Japan were reported affected so far.

So criminals turned to targeted attacks instead to stay below the radar. "The ransomware also spreads through malicious attachments to emails", it said. Once installed, the malware just locks up that computer without spreading to other machines.

More than 45,000 computers in hospitals, IT organizations, railway station networks, ATMs and even universities across 74 countries have been severely affected by the WannaCryptransomware worm also popularly called Wcry.

On Monday, senior administration officials defended the government's handling of software flaws, without confirming the NSA link to WannaCry, the tool used in the global ransomware attack.

Microsoft patched the flaws in March when it issued MS17-010, one of its last-ever security bulletins.

Since security professionals typically focus on building walls to block hackers from entering, security tends to be less rigorous inside the network. "In the event that a virus is successful then the post event recovery will be complicated".

"When any technique is shown to be effective, there are nearly always copycats", said Steve Grobman, chief technology officer of McAfee, a security company in Santa Clara, California.

As a result, over 100,000 new infections were prevented, according to U.K.'s National Cyber Security Centre.

In February, Smith first called for the creation of what he has dubbed a Geneva Convention for cyberspace, which would outlaw nation-state cyber-attacks on critical infrastructure and tech companies.

The damage might have been temporarily contained. Although a researcher discovered and activated a kill switch in the original software, new versions lacking that safeguard have already been released. But attackers can, and probably will, simply develop a variant to bypass this countermeasure.

The Hong Kong-based Southern China Morning Post upped the ante in its report Monday, claiming that tens of thousands of businesses and organizations had been hit by the ransomware, which has been dubbed "WannaCry" by most security experts, "WannaCrypt" by a few outliers. In the United Kingdom, where the initial attack threw parts of the health care system into chaos Friday, the government scheduled an emergency meeting Monday afternoon to discuss the attack.

There is a bit of hope; numerous hacker tools rely on since-patched vulnerabilities in operating systems and software. MeitY has also asked Microsoft India to inform all its partners and customers to apply the relevant patches.